Snapchat: Our Servers Were Not Breached In The ‘Snappening’, Blame 3rd Party Apps

4 years

In the last day, news has been circulating that a database of some 200,000 Snapchat photos is being leaked after a third-party app used to save people’s otherwise-disappearing pictures got hacked. While some people argue over which third-party app is responsible for the breach, and whether the whole thing is actually a hoax, Snapchat has issued a statement distancing itself from any responsibility, noting that its servers were not breached, and that the fault lies with the customers’ use of unauthorized third-party apps:

“We can confirm that Snapchat’s servers were never breached and were not the source of these leaks,” a spokesperson said in a written statement. “Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.”

Indeed, Snapchat makes no mention of how or if they will be getting involved in trying to get the pictures taken down, although it is putting a lot of effort into getting apps like these out of the picture.

The incident has been dubbed the “Snappening” in a hat-tip to the Fappening, the name given to the iCloud celebrity photo leak in September (and which Apple, like Snapchat, denied was caused by a breach in its own system).

The alarm bells it seems were raised first by a blogger called Kenny Withers, and the two apps that have been named as the origin of the hack are SnapSave and SnapSaved (note: SnapSaved seems to have ceased to exist, while there are several apps called SnapSave or a variation of it in the App Store and Google Play). The 200,000 pictures are allegedy being organised now based on user names and getting ready to be published as a torrent on October 12.

An excerpt of the 4chan thread reposted from Withers’ site:

Judging by what I can see, the pictures previewed in the 4chan threads appear to be a mixture of NSFW pictures alongside racy-but-not-explicit pictures. Food and cute animals? Not so much, it seems. Some are questioning the authenticity of the whole claim based on the fact that several of the pictures have appeared elsewhere on the internet.

For now, Snapchat seems to be responding to it as a real hack — although not of its own servers.

This is not the first time Snapchat has faced privacy issues. Some 4.6 million Snapchat user names and numbers published online by way of a Snapchat exploit (now fixed). That time people also thought the hack was a hoax. It took Snapchat more than a week to apologise for the incident.

Ultimately, for anyone who might find their pictures part of this trove, and for those who are just watching from the sidelines, this is yet another lesson in online privacy today. No matter whether a service touts its ephemerality, or whether it’s a platform that wants to be the home for your stuff for the rest of your life and beyond, you have to prepare yourself for the eventuality that whatever is in one place today may be somewhere else a little more public tomorrow.